| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Of allowing you to pass in a NID directly, instead of a trust_id,
and have it work, as long as the trust_id's and the NID's did not
overlap.
This screwball behaviour was depended upon by the OCSP code that
called X509_check_trust with the NID, instead of the trust id, so
let's fix that.
We also rename the confusingly named X509_TRUST_DEFAULT to
X509_TRUST_ACCEPT_ALL which makes a lot more sense, and rototill
this to remove the confusingly named static functions.
This will shortly be follwed up by making this function private,
so we have not bothered to fix the amazingly obtuse man page
as it will be taken behind the barn at that time.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The XXX comment in here is now outdated. Our behaviour matches boringssl
in that passing in a 0 trust gets the default behavior, which is to
trust the certificate only if it has EKU any, or is self signed.
Remove the goofy unused nid argument to "trust_compat" and rename it to
what it really does, instead of some bizzare abstraction to something
simple so the code need not change if we ever change our mind on what
"compat" is for X.509, which will probably only happen when we are back
to identifying things by something more sensible like recognizable grunts
and smells.
ok jsing@
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Instead rename the **ext in this file to **out_ext, freeing up ext in
X509_EXTENSION_create_by_OBJ()
Appeases some jsing grumbling on review
|
| |
|
|
|
|
| |
x -> out_ext, sk -> exts
requested by jsing on review
|
| |
|
|
| |
requested by jsing on review
|
| |
|
|
|
|
| |
This is a silly API, but there are worse.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
| |
Remove unnecessary ret parameter and freeing of obj (which looks like
a double free or freeing of unallocated memory but actually isn't due
to various magic flags). Also make this const correct.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This is another brilliancy straight out of muppet labs. Overeager and
misguided sprinkling of NULL checks, going through the trademark poor
code review, made this have semantics not matching what almost every
other function with this signature would be doing in OpenSSL land.
This is a long standing mistake we can't fix without introducing
portability traps, but at least annotate it. Simplify the elaborate
dance steps and make this resemble actual code.
ok jsing
|
| |
|
|
|
|
| |
Drop unnecessary checks that are part of the stack API.
ok jsing
|
| |
|
|
|
|
| |
Plus, replace a manual check with a call to X509_EXTENSION_get_critical().
ok jsing
|
| |
|
|
|
|
|
|
| |
Like most of its siblings, this function can be simplified significantly
by making proper use of the API that is being built. Drop unnecessary NULL
checks and other weirdness and add some const correctness.
ok jsing
|
| |
|
|
|
|
|
| |
different asm stanzas to produce strong aliases.
This unbreaks libcrypto (and thus ssh, among other things) on hppa after the
recent switch to LIBRESSL_CRYPTO_NAMESPACE.
|
| |
|
|
|
|
| |
symbols from symbols.list now that we have everything hidden
ok tb@
|
| | |
|
| | |
|
| |
|
|
|
| |
With only slight application of color to this entelodont's lips. It's the
usual deal - hard to say what's worse, the code or its docs...
|
| |
|
|
|
| |
It will be a cold day in hell before I see an OpenSSL manpage without
mistakes in it.
|
| | |
|
| | |
|
| |
|
|
|
| |
requested by jsing on review
ok beck
|
| | |
|
| | |
|
| |
|
|
| |
suggested by jsing on review
|
| |
|
|
| |
noticed by jsing on review
|
| |
|
|
| |
This is simpler, if slightly more expensive
|
| |
|
|
| |
no functional change
|
| |
|
|
| |
Also avoid an unnecessary NULL check.
|
| |
|
|
| |
ok jsing
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
This reverts to the license added in OpenSSL's initial import of this
file in commit 1eff3485b63f84956b5f212aa4d853783bf6c8b5
|
